@daw At least, that's the experience with #thunderbird / #icedove / #seamonkey / #iceape. The whole security process ( #SSL / #TLS and #GPG ) needs to be surfaced in an easier way. And browser vendors making it harder to manually approve #self-signed certs is NOT the right direction, IMO, since self-verifying is better than depending on centralized and corrupt #CertAuthorities to properly verify.